General

  • Target

    yes - Copy (2).jpg

  • Size

    12KB

  • Sample

    240221-p76gbafe9x

  • MD5

    dfdce4908325a676a447b20a60196cba

  • SHA1

    975a864d82127e0037096ce326d322020764a8d2

  • SHA256

    516ff7ec447e79f48dd8116d58aedb63b92580a768b181a37e8f487599652ef0

  • SHA512

    e68188ab94bc66cdb0047300a857c317a05b02d8b752ac42f364a24922379e452818358a9e02e5e946b8f7724dccb1991eb2f567508e4be1168647134c0ce0cf

  • SSDEEP

    384:NNxTtsCNCcrioZ9AA0r4S/DTB/qdlFif7zo6J5HWeb/i:hKGrioZ9D0rd/DTob4j5W

Targets

    • Target

      yes - Copy (2).jpg

    • Downloads MZ/PE file

      Fetches a Windows executable (MZ header) over the network during the run.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check that decides whether to run based on the victim's locale.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      Writes an entry under a registry Run key so the dropped payload is started again at logon (persistence).

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate the software installed on the system.

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Legitimate hosting services abused for malware hosting/C2

      The payload is fetched from, or the C2 traffic goes to, a legitimate hosting service, so the hostname alone is not a reliable indicator to block.

  Note that a 12KB file carrying a .jpg extension does not download and execute PE files on its own: the behaviour above means the extension disguises executable content, and the sample should be classified by its content and hashes, not by its name.
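  As an added example (not part of this report and not any sandbox's own code), the Python below shows two triage steps a practitioner would run against a sample like this one: a content-versus-extension check that also computes the report's hash set, and simple detection logic over Sysmon-style registry and process events for the Run key write and dropped EXE execution listed above. The event records, paths and the update.exe name are constructed for the example; only the SHA256 value is taken from the report, and the event field names follow Sysmon's Event ID 1 and 13 schema.

```python
"""Triage helpers for a sandbox report like the one above.

Added example, not part of the original report:
  1. content vs. extension: a real JPEG starts with FF D8 FF, a Windows PE
     starts with "MZ"; the hash set is computed in the order the report lists it.
  2. detection logic over Sysmon-style events (constructed here) that flags the
     Run-key persistence and dropped-EXE execution the report describes.
"""
import hashlib
import re

JPEG_MAGIC = b"\xff\xd8\xff"
PE_MAGIC = b"MZ"

# SHA256 copied from the report above, used as a known-bad lookup.
REPORT_SHA256 = "516ff7ec447e79f48dd8116d58aedb63b92580a768b181a37e8f487599652ef0"


def hash_set(data: bytes) -> dict:
    """MD5/SHA1/SHA256/SHA512 of the bytes, in the order the report lists them."""
    return {name: hashlib.new(name, data).hexdigest()
            for name in ("md5", "sha1", "sha256", "sha512")}


def extension_mismatch(filename: str, data: bytes):
    """Return a reason string when a .jpg/.jpeg file does not start with JPEG magic."""
    ext = filename.rsplit(".", 1)[-1].lower()
    if ext in ("jpg", "jpeg") and not data.startswith(JPEG_MAGIC):
        kind = "a PE executable (MZ header)" if data.startswith(PE_MAGIC) else "non-JPEG content"
        return f"{filename}: .{ext} extension but {kind}"
    return None


def triage_file(filename: str, data: bytes) -> dict:
    """Hashes, known-bad match against the report, and extension/content mismatch."""
    hashes = hash_set(data)
    return {
        "hashes": hashes,
        "known_bad": hashes["sha256"] == REPORT_SHA256,
        "mismatch": extension_mismatch(filename, data),
    }


# Sysmon EventID 13 TargetObject for persistence via Run / RunOnce keys.
RUN_KEY_RE = re.compile(r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\", re.I)
# Executables started from a user-writable location, where a dropper writes its payload.
USER_WRITABLE_RE = re.compile(r"^[A-Za-z]:\\Users\\[^\\]+\\(AppData|Downloads|Desktop)\\", re.I)


def detect(events):
    """Flag Run-key writes (EventID 13) and EXE launches from user-writable paths (EventID 1)."""
    findings = []
    for ev in events:
        if ev["EventID"] == 13 and RUN_KEY_RE.search(ev["TargetObject"]):
            findings.append(("run_key_persistence", ev["Image"], ev["Details"]))
        elif (ev["EventID"] == 1 and ev["Image"].lower().endswith(".exe")
              and USER_WRITABLE_RE.match(ev["Image"])):
            findings.append(("exec_from_user_dir", ev["ParentImage"], ev["Image"]))
    return findings


# Constructed events with hypothetical paths; none of these come from the report.
SAMPLE_EVENTS = [
    {"EventID": 13, "Image": r"C:\Windows\explorer.exe",
     "TargetObject": r"HKU\S-1-5-21-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden",
     "Details": "DWORD (0x00000001)"},
    {"EventID": 13, "Image": r"C:\Users\user\AppData\Local\Temp\update.exe",
     "TargetObject": r"HKU\S-1-5-21-1000\Software\Microsoft\Windows\CurrentVersion\Run\Update",
     "Details": r"C:\Users\user\AppData\Local\Temp\update.exe"},
    {"EventID": 1, "Image": r"C:\Windows\System32\notepad.exe",
     "ParentImage": r"C:\Windows\explorer.exe"},
    {"EventID": 1, "Image": r"C:\Users\user\AppData\Local\Temp\update.exe",
     "ParentImage": r"C:\Windows\System32\wscript.exe"},
]

if __name__ == "__main__":
    # Constructed bytes: a PE header under a .jpg name, as the report's target suggests.
    print(triage_file("yes - Copy (2).jpg", b"MZ\x90\x00" + b"\x00" * 60))
    for finding in detect(SAMPLE_EVENTS):
        print(finding)
```

  The Run key regex covers both Run and RunOnce under HKU and HKLM since Sysmon writes the full TargetObject path; the user-writable check is deliberately narrow (AppData, Downloads, Desktop) so that ordinary installs under Program Files do not fire.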